Sequretek Advisory - Confluence Zero-Day Vulnerability
6/08/2022
A critical zero-day vulnerability in Confluence Server and Data Center is being actively exploited in the wild. CVE2022-26134 allows for unauthenticated remote code execution on servers running all supported versions of Confluence Server and Confluence Data Center.
• Recently Atlassian fixed a critical security flaw affecting its Confluence Server and Data Center products that is being actively exploited by threat actors to achieve remote code execution.
• The zero-day vulnerability, CVE-2022-26134, affects all supported versions of Confluence Server and Data Center and allows unauthenticated attackers to gain remote code execution on unpatched servers.
• Confluence is a Java-based corporate Wiki employed by numerous enterprises.